Due to how we pass in existing store paths via CLI arguments for the
diff and combine scripts, Nix didn't register a dependency on the store
paths properly. This meant that some of the derivations that were built,
didn't have the right store paths made available in the sandbox -
leading to all kinds of "not found" errors.
We worked around this in CI by resolving the symlinks to the nix store
beforehand. We tried to work around this locally by storing the nix
store path in BASELINE, but this didn't fully work. By explicitly
registering these store paths as dependencies, this should work across
the board - without any magic required by the caller.
(cherry picked from commit 45a765a282)
This fixes build issues with gitaly >=18.3.
This change authored by Helsinki Systems. Thank you for providing this.
(cherry picked from commit 86fc7533fb)
Multiple Node.js packages in nixpkgs create file collisions when installed together in home-manager or system profiles. Specifically:
- `gemini-cli` vs `eslint`: collision on `lib/node_modules/eslint/conf/default-cli-options.js`
- `gemini-cli` vs `angular-language-server`: collision on `lib/node_modules/semver/README.md` (with permission differences: 0555 vs 0444)
This occurs because these packages install their bundled dependencies directly to `$out/lib/node_modules/`, causing path conflicts when multiple packages provide the same transitive dependencies.
The issue stems from packages copying their entire `node_modules` directory to a shared location (`$out/lib/node_modules/`) rather than isolating their dependencies in package-specific directories.
Before:
```nix
cp -r node_modules "$out/lib/"
```
After:
```nix
cp -r node_modules "$out/share/gemini-cli/"
```
This is probably counterproductive in some ways (would ideally share deps?) but at least this fix allows these packages to coexist.
(cherry picked from commit 1aff5d6e7e)
Backported fix for https://github.com/dokuwiki/dokuwiki/issues/4512
(Unauthenticated Reflected Cross Site Scripting) since the 2024-02-06
release didn't receive it.
Not-cherry-picked-because: Manually applying upstream patch to avoid
breaking updates where this would not be needed.
